GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,093 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
Package discontinued because Bitly lowered the free quota
Low
GHSA-ggrh-grj3-vfvw
was published
for
bitlyshortener
(pip)
Nov 28, 2022
Incorrect default cookie name and recommendation
Low
GHSA-jjmg-x456-w976
was published
for
csrf-csrf
(npm)
Oct 10, 2022
Insecure Credential Storage in web3
Low
GHSA-27v7-qhfv-rqq8
was published
for
web3
(npm)
May 30, 2019
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Regular Expression Denial of Service in is-my-json-valid
Low
GHSA-4x7c-cx64-49w8
was published
for
is-my-json-valid
(npm)
Aug 19, 2020
•
withdrawn
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Regular Expression Denial of Service in braces
Low
GHSA-g95f-p29q-9xw4
was published
for
braces
(npm)
Jun 6, 2019
Undefined Behavior in sailsjs-cacheman
Low
GHSA-5w65-6875-rhq8
was published
for
sailsjs-cacheman
(npm)
Sep 11, 2019
Unencrypted passwords
Low
GHSA-q594-2475-8v9f
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
Feb 24, 2021
•
withdrawn
Cross-site scripting in SimpleSAMLphp
Low
CVE-2020-5226
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Password Hashing: Do not use MD5
Low
CVE-2020-5229
was published
for
org.opencastproject:opencast-common-jpa-impl
(Maven)
Jan 30, 2020
Session key exposure through session list in Django User Sessions
Low
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
Request smuggling is possible when both chunked TE and content length specified
Low
CVE-2020-5207
was published
for
io.ktor:ktor-client-cio
(Maven)
Jan 27, 2020
Ability to switch channels via GET parameter enabled in production environments
Low
CVE-2020-5218
was published
for
sylius/sylius
(Composer)
Jan 31, 2020
ProTip!
Advisories are also available from the
GraphQL API